SSLCategory

We often use this blog to reiterate the importance of web security, and hopefully it’s clear why: Buying a domain is a great first step, but we want to make sure our customers can use them, too. Whether it’s for business or personal use, a website needs to be protected from malicious actors all over the world. Yet while SSL certificates are the first line of defense against hacking, only 3% of domains are currently protected by them. This is why we have joined Symantec’s new Encryption Everywhere program. This is a huge leap for customer security on our platform, and we’re very excited to start offering this protection.

Encryption Everywhere is Symantec’s solution to have 100% SSL coverage for all websites by 2018. To that end, we are going to enable Symantec’s Encryption Everywhere SSL certificates for all resellers via the Enom API. Similar coverage for all of our retail customers is also on our 2017 roadmap. These Domain Validated (DV) single-domain certificates are what Symantec considers the new baseline level of web security. Customers that need additional features and protection will be able to easily upgrade to appropriate certificates.

Wanting to protect domain registrants and their websites’ users from cyber criminals should be a no-brainer. But there are additional motivations for a 100% SSL-covered web, as well. Search engines are now prioritizing secured websites in their rankings. Internet browsers are also beginning to scale back features for sites outside of the HTTPS standard. In short, with Encryption Everywhere SSL certificates there are few reasons why a website shouldn’t be protected, and more and more reasons why it should.

Ramping up from 3% to 100% coverage by 2018 may seem like a monumental task, but Enom’s own platform has seen its own extensive changes in the course of a year, and we feel that the substantial benefits for our customers is worth the effort. For our reseller customers, we’ve built a landing page explaining the Encryption Everywhere program in more detail, and we’ll have more information for retail customers in the new year.

You may have heard that Google announced a new security feature being added to Gmail: Going forward, Gmail will flag emails being sent to its users from “unauthenticated” senders, essentially those that cannot be guaranteed to come from a legitimate source. These changes ought to cut down the risk of phishing attacks, keeping users from opening malicious attachments or clicking dangerous links. But it does beg the question: How do you know if you’re browsing safely when you’re outside of your Gmail account?

There is a laundry list of precautions you should be taking when online, most of which are fairly common sense: protecting your device and network with a strong password, keeping your system and anti-malware software up to date, and not giving out personal or financial information whenever possible. In general, sticking to trusted websites by reputable operators, should keep you safe most of the time.

But we all have to navigate to new, unknown websites from time to time. In these cases, you might need to go the extra distance to confirm that you’re browsing safely. Clicking on the appropriate icon in your browser bar will bring up a prompt containing the website’s security certificates. This assures you that sensitive information, like passwords or credit card numbers, are securely transmitted between yourself and the site.

For website operators, setting up these security verifications requires an SSL certificate for the appropriate domain name. Certain certificates, such as the GeoTrust RapidSSL Wildcard, also protect an unlimited number of subdomains, so your homepage, blog, eCommerce storefront, can all be protected at once. It only takes one hack or cyberattack to ruin a brand’s reputation online, so don’t leave your website vulnerable when simple precautions like SSL certificates are available.

When we browse online, we usually expect everything to “just work,” which includes keeping our data and personal information secure and private. That doesn’t mean you should be complacent; that’s exactly the attitude cybercriminals will take advantage of. Double-check that sites you visit have their security certificates up to date (and set up SSL certificates for your own websites) so you can rest a little easier as you head online.

October 21st, 2016 was a frustrating day for many internet users as a coordinated attack on the Domain Name System (DNS) provider Dyn caused major platforms like Twitter, Netflix, and Reddit to go down for much of the day. The complaints raised that morning (and the conspicuous lack of complaints on the affected social networks) were what made the headlines, but in the aftermath, cybersecurity experts started piecing together what happened. The suspected source of the attack was actually millions of sources: household appliances and other internet-connected devices that had been infected by the Mirai strain of malware.

Businesses that relied on these platforms to interact with their customers were either slowed, or stopped entirely during the outage. Imagine how many pre-existing customer issues being handled over Twitter were exacerbated when the cyberattack occurred. This is perhaps the first lesson to be learned: Diversify your web presence across several social networks, and better yet, have a dedicated domain and website that you can update easily. No one social network is ultimately immune from massive cyberattacks, but spreading your communication across several channels helps to ensure that you aren’t entirely cut-off in a crisis.

While there’s little you can do alone to prevent massive cyberattacks, over the long term, you can and should be protecting yourself and your customers. The appliances and devices used in the October 21st attacks are considered “easy targets” by hackers, but there’s no reason that your own customers should be exposed to the same risks. One of the first things you ought to be doing is adding an SSL certificate to your domain to make sure traffic to your website is kept private and safe. GeoTrust’s True BusinessID with EV is a popular option with businesses because it not only keeps visitors safe from malware and data breaches, but makes sure they know they are safe when conducting business on your website.

The October 21st outages shouldn’t be thought of as outliers. With countless household appliances and devices now connected to the internet, cybercriminals have more resources than ever to launch attacks on websites and online service providers. Taking the precautions outlined above will give you more options to keep in touch with your customers when the next emergency hits.

The consumer confidence index is a monthly indicator of people’s optimism in their current and future financial position. It’s used in part to determine whether the economy is on the right track, even though, ultimately, all it really measures is what’s going on in consumers’ heads. But the index is useful because sentiment leads to real changes in individual behavior, which eventually trickles up to the economy at large. Believe it or not, this same concept has consequences for users’ behavior on your website.

Just as small, seemingly unrelated signals affect the consumer confidence index, it’s the little things that determine how much trust users and customers have in your website: clean formatting and navigation, up-to-date information and recent news, no broken links or images, prominent contact information. All of these things taken together determine whether your site delivers a positive user experience and builds confidence in users’ minds.

Of course, website security is another big component of consumer confidence. We’ve offered resources in the past that help small businesses protect themselves and their customers. And while you should (and must) put in the effort to secure your site properly, consumer confidence is all about making sure everyone knows that a site is secure. While there are many ways to protect a website, not all of them are necessarily visible to the user.

If you want to show your customers that a site is safe in the most conspicuous way possible, an Extended Validation (EV) SSL certificate from GeoTrust might be the right choice. Many customers know to look for the “s” in “https” before submitting any information, but EV SSL also goes a step further by adding a bit of color to the browser bar— green to be specific—as an immediate, visual cue of a site’s safety. Each browser displays EV SSL security differently, but you can see them all for yourself on GeoTrust’s page. These are all details you might not have considered yourself until now, but many consumers actively seek out, and only do business with, websites that have these protections.

With so many customers today using the web as their primary source of information for where they do business, signaling a positive (and safe) user experience can boost confidence in your site. If you’re looking for better leads and sales through your site, analyze your site from a user’s point of view, and talk to your domain or hosting provider about a visible security certificate like GeoTrust’s EV SSL.

We’re always looking to provide our resellers with a variety of product options to offer their customers, and recently one service has been consistently requested when it comes to security: the GeoTrust RapidSSL Wildcard certificate by Symantec. We are now happy to offer RapidSSL Wildcard alongside the rest of Enom’s SSL certificate portfolio.

RapidSSL Wildcard protects all of your customers’ subdomains with a single, affordable certificate. It includes unlimited server licenses at no extra cost, issuing DV certificates almost immediately and installing in seconds. Your customers will be able to enjoy the protection of a trusted brand at an ideal price point.

We know customers are already asking for RapidSSL Wildcard, and it should be a strong selling point for any of your value-minded users with entry-level needs for security. Its price makes it ideally suited to include as part of a bundle of services for your customers. To learn more about RapidSSL Wildcard and our entire lineup of SSL certs, browse our documentation site or contact our sales team.